15 Actions

Creating an encryption key from several other keys and using hash functions@HM: if you do those 2^16 iterations with md5() then you have slowed down the attacker just a tiny bit .. just because md5() and sha*() are designed to run fast. with the above mentioned kdf() you do the keystretching as well .. but in a way that is really costly. the advantage of mentioned kdf() is not keystretching, it is the increased cost of calculating the key. and again: in your case you would use kdf() to create 'key1' and 'key2' based upon human passwords, if you create them out of a feasible pool of entropy you won't need that anymore.

Creating an encryption key from several other keys and using hash functions@HM: the point was not the keystretching part. it's obvious that a good kdf() does that. the point of the kdf() functions mentioned in my answer is that they are much much much harder to compute (memory and cpu-cycles wise) than something like easy-to-implement-in-hardware-functions like md5() and sha*(). so, to use one of the kdf() from my answer is not needed in your case .. but it won't hurt (thus is not 'wrong')

Creating an encryption key from several other keys and using hash functionsthe attack target here is to get the key which is the result of md5() or sha() or hash() or in general kdf(). coz that is what is used to encrypt the content. thus, you do not attack key1 or key2 but rather what falls out of kdf(). to slow down a brute force attack on that attack you need a good kdf() which makes brute forcing harder / slower. for the attacker it is irrelavent if the pair is ("foo"|"bar") or ("fo"|"obar") or any other combination.

Creating an encryption key from several other keys and using hash functionsthen reread them. the main point (again) is time. they make calculating / brute forcing the input hard hard hard by picking NOT fast code paths but slow ones. and mess around with the cpu cache. etc. all to slow the brute forcing down and making it thus more expensive. your argument about having totally awesome key1 and key2 parts is nil since that is irrelevant for brute-forcing md5(key1||key2). or sha2(key1||key2).